IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
on write-only files. Jim please check. Should not affect
Windows clients - I ensured all the relevent Samba4
torture tests still pass.
Jeremy.
(This used to be commit 6df3cac44f)
The main thing here is a rewrite of srv_winreg_nt.c. The core functionality
has moved to registry/reg_api.c which is then usable by the rest of Samba as
well.
On that way it fixes creating keys with more than one element in the
path. This did not work before.
Two things that sneaked in (sorry :-) is the change of some routines from
NTSTATUS to WERROR the removed "parent" argument to regkey_open_internal.
Volker
(This used to be commit fea52801de)
Metze: as noted by "shattered" and discussed on the irc,
here is a patch to lib/sysquotas_linux.c replacing some
"get"s by "set"s. The other lib/sysquotas*.c files look
ok to me. But in the linux variant, the problem is not
in the actual call of quotactl but in the preparation of
the respective "D" structs. This makes the difference
between the get and set calls for SMB_USER_FS_QUOTA_TYPE
and SMB_GROUP_FS_QUOTA_TYPE.
metze
(This used to be commit d303cc7e62)
Fix code that mistakenly assumed tdb_traverse
returned 0 or -1, it actually returns -1 or the
number of entries traversed. Add a static as another
way to return the bad cache value.
Jeremy.
(This used to be commit 5266a70ae9)
against tdb corruption. Needs fleshing out
(and I forgot one record type) and needs helpful
suggestion from Volker to validate freelist,
but should give an idea of how this will look.
Jeremy.
(This used to be commit 8eb53f74e4)
With more than 5 different trees I can't swear that I did test this properly
yesterday. Sorry for the noise.
Volker
(This used to be commit 978a6196bf)
other StringBufs, otherwise clicking on a key with this value being set leads
to regedit.exe on w2k3 chew all memory.
(This used to be commit b148cde7f3)
considerably here.
This temporarily removes a cache for the tdb based registry, I'll re-add that
in srv_winreg_nt.c in the next step.
This fixes creating/renaming values from the windows regedit.exe, as "New
Value #1" was not entering the cache after being created.
Volker
(This used to be commit c8c81f0e86)
length in *bytes* for UTF-16, not the string length. This got lost during the
conversion.
This took a while to figure out :-)
Thanks to Chetan!
Volker
(This used to be commit 8df6544fa8)
waiting for comments. This is what version control is for, and it does fix a
segfault I ran into ;-)
Nevertheless, Jelmer & Jerry, please take a look!
Thanks,
Volker
(This used to be commit 95c14a822c)
W2k3. The server requires that size==0 in the [in] name. Somehow I get the
feeling that something is badly wrong here....
I did not yet recreate the gen_ndr equivalent, see next mail.
Volker
(This used to be commit 016ddce120)
(http://www.centeris.com/) under my copyright.
* Rework error reporting to use DNS_ERROR instead
of int32
* Convert memory allocation to use talloc()
* Generalize the DNS request/response packet marshalling
* Fix the secure update requests
(This used to be commit c787983336)
string the clis_state struct. So call saf_store() after we
have the short domain name in the lsa_query_inof_policy code.
* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f20)
we're just doing strchr on a const string there's
no need to strdup it before, we're never modifying
it. Just remove the variable "parm".
Jeremy.
(This used to be commit 1af18f613b)
because of this. Probably a show-stopper for 3.0.23d.
Thanks to Alain GORLIER <alain.gorlier@altissemiconductor.com>
for the fix.
Jeremy.
(This used to be commit b167785cbd)
Jerry, please check this. The way I understood alpha_strcpy the last arg needs
to be the size of the target, not of the source.
Thanks,
Volker
(This used to be commit 287d68daab)
prints the hash on every record for easier awk'ing, and tdbbackup allows a
different hash chain length on the backed up tdb.
Jeremy, Günther, this might be interesting for you huge domains. Not only
locking.tdb, also the winbind ones might grow huge.
In the installation I fixed with this winbind spent a huge amount of CPU
spinning through a degenerated winbindd_idmap.tdb with entries for more than
15.000 users. With a default number of hash chains of 131 on that tdb you can
imagine that the lists get large.
Not merging to 4, I don't get tdbbackup to compile there right now.
What about changing the global default hash chain number to be dramatically
larger? Disk is cheap these days.
Volker
(This used to be commit 577d0ff658)
I updated the vfs version in 3.0.24 from 16 to 17, beacuse 16 was the
latest released code, but on SAMBA_3_0, I reverted my earlier change
back from 19 to 18, because we've not had any released code with 18.
This is related to the kernel_flock call addition.
(This used to be commit fb8e43fb49)
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.
Guenther
(This used to be commit ff004f7284)
the DN must be rid,domain and not domain,rid
Also use member and not memberOf for group members
following conventions.
(This used to be commit 7c0ea791d2)
-lgssapi_krb5. With that change I could sucessfully verify that Heimdal
support is still working nicely after the changes from jpeach.
Guenther
(This used to be commit 53d09487a0)
Add configure option --enable-fam so that FAM support can explicitly
be controlled at build time. Default behaviour is to autodetect.
(This used to be commit 066951bc48)
tdb. This includes:
- the new tdb_lockall and tdb_lockall_read code, which will be needed
for the ldb speedups
- the tdb logging changes. This is an intermediate step to keep the
differences between the two branches small. The plan is still to
move to a tdb_init()/tdb_set_logging_function()/tdb_attach() style
of open which will make things much cleaner.
- the updated test suites and standalone tdb build code
- use libreplace headers
There are still some small differences I haven't merged. I'll discuss
those on the list.
(This used to be commit 48903c75ed)
is completely useless (and in fact harmful :-) in
that it causes a winbindd error where there should
be none.
Jeremy.
(This used to be commit acf5419d62)
That one was hard to find: when coming from offline mode and switching
to online, a refresh sequence number call (using the default MS-RPC
mechanism) may reset domain->backend to NULL (by the set_domain_online
event). We need to make sure to reidentify the remote domain in that
case.
Guenther
(This used to be commit 4d6503d137)
descriptors. Both databases are long-lived and not frequently written, so I
think storing it deserves a tdb transaction.
Volker
(This used to be commit 2d4b5f5727)
this shold be a strong dependency. If stuff from Fink is an optional
extra, there should be a --with-stuff-from-fink argument. It's just
too easy to unexpectedly end up with binaries that depend on
/sw/{lib,include}.
(This used to be commit d0166e1172)
Jerry.
If "enum users" is set to false, and the group being looked
up is the Domain Users SID: S-1-5-domain-513, then for the
list of members check if the querying user is in that group,
and if so only return that user as the gr_mem array.
We can change this to a different parameter than "enum users"
if neccessaey, or parameterize the group list we do this for.
Jeremy.
(This used to be commit 91b40e25cc)
x, so we can't get at them even if we wanted to.
Kerberos experts, please take a look to make sure I've done the
right thing!
(This used to be commit 9b8e179fcc)
The protocol negotiation string "LANMAN2.1" was not listed in the set of
negotiatiable possibilities, so non-optimal negotiation was taking place.
(This used to be commit a0dfa60fc5)
- "The problem is, with a fresh system, we don't know our sitename,
therefor we do a stupid DNS query for all DCs. The reply we get is a
round-robin list of all 21 DCs, we just pick the first, contact that
and safe that INET.COM#1C query in the name cache for later use...
What we need to do if we don't yet know our sitename, is to contact to
any DC, get the CLDAP reply to tell us in which site we are, then flush
the namecache and requery DNS including the sitename"
Implement the flushing of the #1C entries for a given NetBIOS name/realm
when looking up the site value.
Jeremy.
(This used to be commit b2d1e44f59)
we need to make sure
HAVE_GSSAPI
HAVE_KRB5_H
HAVE_GSSAPI_H
HAVE_GSSAPI_GSSAPI_GENERIC_H
HAVE_GSSAPI_GSSAPI_H
are not in config.h
this adds 2 new macros to libreplace
AC_REMOVE_DEFINE(), AC_REMOVE_INCLUDE()
metze
(This used to be commit eb1f0b49cf)
are missing! Bailing out at compile time is ugly.
Hopefully this fixes the Mac OS 10 boxes in the build-farm
there're some missing function. Fixing that is a different
problem...
metze
(This used to be commit e00a83a0b6)
fix configure test for net/if.h on some platforms
AC_LANG_SOURCE() adds the content of confdefs.h in front
of the compiled file
metze
(This used to be commit 7cbdc06ad9)
workgroup, decided periodically to stop sending recognized responses to a
NetServerEnum2 request for the workgroup. Instead of returning the list of
servers (only itself; nothing else in the workgroup), it returns a status code
of 8 which is unsupported by samba3, samba4, and ethereal.
The code for this request assumed that if an unexpected status code was
received, the connection had a problem, i.e. that cli_errno() would show a
problem. That turns out not to be the case.
This patch changes the behavior so tha any time a response is received and
cli_errno() == 0, we continue processing the reply and base our response on
the returned count (zero). The pre-existing code then converts this count=0
into an ENOENT errno which can be properly handled by the application (whereas
an error return with errno=0 can't be).
This packet dump has only 2 frames. Sorry about the text version but it's
most easily attached to this log message. I also have it saved as .pcap if
anyone wants it.
Derrell
No. Time Source Destination Protocol Info
1 14:31:59.802668 192.168.1.106 192.168.1.100 LANMAN NetServerEnum2 Request, Server, SQL Server, Domain Controller, Backup Controller, Time Source, Apple Server, Novell Server, Domain Member Server, Print Queue Server, Dialin Server, Xenix Server, NT Workstation, Windows for Workgroups, Unknown server type:14, NT Server
Frame 1 (196 bytes on wire, 196 bytes captured)
Arrival Time: Oct 10, 2006 14:31:59.802668000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 196 bytes
Capture Length: 196 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: IntelCor_4a:47:bb (00:13:20:4a:47:bb), Dst: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Destination: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Source: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.106 (192.168.1.106), Dst: 192.168.1.100 (192.168.1.100)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 182
Identification: 0xb838 (47160)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xfdea [correct]
Good: True
Bad : False
Source: 192.168.1.106 (192.168.1.106)
Destination: 192.168.1.100 (192.168.1.100)
Transmission Control Protocol, Src Port: 44932 (44932), Dst Port: netbios-ssn (139), Seq: 851982066, Ack: 1274726157, Len: 130
Source port: 44932 (44932)
Destination port: netbios-ssn (139)
Sequence number: 851982066
Next sequence number: 851982196
Acknowledgement number: 1274726157
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0xb4e0 [correct]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 1184074739, tsecr 11576161
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 126
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 2
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x08
0... .... = Request/Response: Message is a request to the server
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 12967
User ID: 2048
Multiplex ID: 6
Trans Request (0x25)
Word Count (WCT): 14
Total Parameter Count: 36
Total Data Count: 0
Max Parameter Count: 8
Max Data Count: 65535
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
.... .... .... ..0. = One Way Transaction: Two way transaction
.... .... .... ...0 = Disconnect TID: Do NOT disconnect TID
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 36
Parameter Offset: 90
Data Count: 0
Data Offset: 126
Setup Count: 0
Reserved: 00
Byte Count (BCC): 63
Transaction Name: \PIPE\LANMAN
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
Function Code: NetServerEnum2 (104)
Parameter Descriptor: WrLehDz
Return Descriptor: B16BBDz
Detail Level: 1
Receive Buffer Length: 65535
Server Type: 0x0000fffe
.... .... .... .... .... .... .... ...0 = Workstation: This is NOT a Workstation
.... .... .... .... .... .... .... ..1. = Server: This is a Server
.... .... .... .... .... .... .... .1.. = SQL: This is an SQL server
.... .... .... .... .... .... .... 1... = Domain Controller: This is a Domain Controller
.... .... .... .... .... .... ...1 .... = Backup Controller: This is a Backup Controller
.... .... .... .... .... .... ..1. .... = Time Source: This is a Time Source
.... .... .... .... .... .... .1.. .... = Apple: This is an Apple host
.... .... .... .... .... .... 1... .... = Novell: This is a Novell server
.... .... .... .... .... ...1 .... .... = Member: This is a Domain Member server
.... .... .... .... .... ..1. .... .... = Print: This is a Print Queue server
.... .... .... .... .... .1.. .... .... = Dialin: This is a Dialin server
.... .... .... .... .... 1... .... .... = Xenix: This is a Xenix server
.... .... .... .... ...1 .... .... .... = NT Workstation: This is an NT Workstation
.... .... .... .... ..1. .... .... .... = WfW: This is a WfW host
.... .... .... .... 1... .... .... .... = NT Server: This is an NT Server
.... .... .... ...0 .... .... .... .... = Potential Browser: This is NOT a Potential Browser
.... .... .... ..0. .... .... .... .... = Backup Browser: This is NOT a Backup Browser
.... .... .... .0.. .... .... .... .... = Master Browser: This is NOT a Master Browser
.... .... .... 0... .... .... .... .... = Domain Master Browser: This is NOT a Domain Master Browser
.... .... ...0 .... .... .... .... .... = OSF: This is NOT an OSF host
.... .... ..0. .... .... .... .... .... = VMS: This is NOT a VMS host
.... .... .0.. .... .... .... .... .... = Windows 95+: This is NOT a Windows 95 or above host
.0.. .... .... .... .... .... .... .... = Local: This is NOT a local list only request
0... .... .... .... .... .... .... .... = Domain Enum: This is NOT a Domain Enum request
Enumeration Domain: WORKGROUP
No. Time Source Destination Protocol Info
2 14:31:59.803918 192.168.1.100 192.168.1.106 LANMAN NetServerEnum2 Response
Frame 2 (134 bytes on wire, 134 bytes captured)
Arrival Time: Oct 10, 2006 14:31:59.803918000
Time delta from previous packet: 0.001250000 seconds
Time since reference or first frame: 0.001250000 seconds
Frame Number: 2
Packet Length: 134 bytes
Capture Length: 134 bytes
Protocols in frame: eth:ip:tcp:nbss:smb
Ethernet II, Src: Micro-St_74:16:e7 (00:0c:76:74:16:e7), Dst: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Destination: IntelCor_4a:47:bb (00:13:20:4a:47:bb)
Source: Micro-St_74:16:e7 (00:0c:76:74:16:e7)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.106 (192.168.1.106)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 120
Identification: 0xea10 (59920)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x8c50 [correct]
Good: True
Bad : False
Source: 192.168.1.100 (192.168.1.100)
Destination: 192.168.1.106 (192.168.1.106)
Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 44932 (44932), Seq: 1274726157, Ack: 851982196, Len: 68
Source port: netbios-ssn (139)
Destination port: 44932 (44932)
Sequence number: 1274726157
Next sequence number: 1274726225
Acknowledgement number: 851982196
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64606
Checksum: 0x1e0d [correct]
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 11576161, tsecr 1184074739
NetBIOS Session Service
Message Type: Session message
Flags: 0x00
.... ...0 = Add 0 to length
Length: 64
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 1
Time from request: 0.001250000 seconds
SMB Command: Trans (0x25)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
1... .... = Request/Response: Message is a response to the client/redirector
.0.. .... = Notify: Notify client only on open
..0. .... = Oplocks: OpLock not requested/granted
...0 .... = Canonicalized Pathnames: Pathnames are not canonicalized
.... 1... = Case Sensitivity: Path names are caseless
.... ..0. = Receive Buffer Posted: Receive buffer has not been posted
.... ...0 = Lock and Read: Lock&Read, Write&Unlock are not supported
Flags2: 0xc801
1... .... .... .... = Unicode Strings: Strings are Unicode
.1.. .... .... .... = Error Code Type: Error codes are NT error codes
..0. .... .... .... = Execute-only Reads: Don't permit reads if execute-only
...0 .... .... .... = Dfs: Don't resolve pathnames with Dfs
.... 1... .... .... = Extended Security Negotiation: Extended security negotiation is supported
.... .... .0.. .... = Long Names Used: Path names in request are not long file names
.... .... .... .0.. = Security Signatures: Security signatures are not supported
.... .... .... ..0. = Extended Attributes: Extended attributes are not supported
.... .... .... ...1 = Long Names Allowed: Long file names are allowed in the response
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2048
Process ID: 12967
User ID: 2048
Multiplex ID: 6
Trans Response (0x25)
Word Count (WCT): 10
Total Parameter Count: 8
Total Data Count: 0
Reserved: 0000
Parameter Count: 8
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 0
Data Offset: 64
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 9
Padding: 00
SMB Pipe Protocol
Microsoft Windows Lanman Remote API Protocol
Function Code: NetServerEnum2 (104)
Status: Unknown (8)
Convert: 0
Entry Count: 0
Available Entries: 0
(This used to be commit 88fa5ac734)
Convert the low-hanging fruit of the LSA server. This provides a sample how
the server calls can be converted one by one, see the "proxy_lsa_call"
function.
Volker
(This used to be commit 99e54a213a)
least with dummy routines. We need a way to indicate that we do not support a
call, so that srv_pipe_hnd.c can return the DCE level RNG_ERROR.
This flag can be set in the backend routines for this one. I'll change pidl to
generate code to "return False" in srv_lsa.c if this flag is set.
Volker
(This used to be commit 5260657664)
messages to internal domains, or to domains not being
serviced by a winbindd child. Ensure the child online
offline requests are domain specific.
Jeremy.
(This used to be commit 81a9dc4b9f)
NSS protocols auth, chauthtok, logoff, ccache_ntlm_auth.
That way we ensure winbindd only deals with fully
qualified names internally. The NSS protocols
auth_crap and chng_pswd_auth_crap should be fixed
to do the same thing.
Jeremy.
(This used to be commit dbd2454d33)
ensure that data values from ldap libs are null terminated, to allow
ldb_msg_find_attr_as_string() to work correctly.
Thanks to Jim Myers for spotting this!
metze
(This used to be commit a5ea82bb05)
this more portable and try to make use of ladebug on Tru64,
but that only works when the binary is passed as 2nd arg to gdb_backtrace
as Tru64 doesn't know /proc/${PID}/exe
we need to find a way to pass the progname in 'panic action'
in samba3
metze
(This used to be commit 2f55fd82ff)
gives just any DC), also make sure to set timeouts in rpcclient
accordingly so that we actually get the DC's reply.
Guenther
(This used to be commit 6091c8152a)
- passing mem_ctx as ldb_context is a bad idea!
- naming a static function talloc_ is also bad and misleading
metze
(This used to be commit 0523ad2493)
I have some problems resolving the last 3 ones in attrib_handlers.c. In line
251 the function ldb_dn_explode_casefold is called with mem_ctx as the first
argument. Looking at ldb_dn_explode_casefold I see that the first argument it
expects is a struct ldb_context. I could certainly add a cast to (struct
ldb_context *) to that call, but I would assume that this is the wrong fix. Is
it possible that attrib_handlers.c:251 and :254 should have ldb and not
mem_ctx as the first argument?
Can anybody from Samba4 clarify this for me and apply the correct fix?
Thanks a lot.
Volker
(This used to be commit 26f2cb71eb)
the moment) but winbindd isn't run in the build farm
so hopefully won't break anything too badly - I don't
want to lose this.
If winbindd starts offline then it falls back to using
MS-RPC backend. On going online it needs to reset the
backend and try and go to using the AD backend code if
possible, as the MS-RPC sequence number fetch just returns
1 as the sequence number if run against an AD DC.
In addition, the winbindd async child may end up
with the AD backend whilst the main winbindd - which
still contacts the DC for some non-async calls, is
left using MS-RPC. This can cause some trouble (as
you can imagine :-).
Attempt to ensure both main winbindd and async children
us AD backends on going online.
Jeremy.
(This used to be commit 5efd4b04b8)
The attached patch cleans up pam_winbind a tiny bit. Instead of making
exceptions for all pam implementations except for Linux' it's better
to make an exception for the only pam implementation which is
different from all the others. This is equivalent to what pam_smb_auth
does already.
-----------------
Jeremy
(This used to be commit 8e55964708)
including SOCKET_WRAPPER_PCAP_FILE support
but I just noticed that samba don't use recv()/send()
on the socket, so the capture only contain connect()/close()
metze
(This used to be commit b894e33023)
we now don't compile mostly each .c file twice.
- we use PICFLAG for all object files
- PICFLAG defaults to PIE_CFLAGS and is then overwritten
if the system supports shared libraries
as we currently always use -fPIE if available
(and at least on linux -fPIE produces the same code as -fPIC)
it doesn't change anything in the resulting code.
"high performance" binaries can be build with
"--disable-pie --disable-shared" if someone really needs to...
metze
(This used to be commit 6db1f57f45)
HAVE_KRB5. If WITH_ADS does not imply KRB5, we have to fix that.
Lets see what the build farm thinks about this.
Volker
(This used to be commit 27b063078d)
password at next logon" code. The "password last set time" of zero now
means "user must change password", because that's how windows seems to
use it. The "can change" and "must change" times are now calculated
based on the "last set" time and policies.
We use the "can change" field now to indicate that a user cannot change
a password by putting MAX_TIME_T in it (so long as "last set" time isn't
zero). Based on this, we set the password-can-change bit in the
faked secdesc.
(This used to be commit 21abbeaee9)
weeks ago.
We have some work before us, when in AD mode Vista sends
"not_defined_in_RFC4178@please_ignore" as the principal.....
Volker
(This used to be commit af85d8ec02)
getprinter calls. Survives the RPC-SAMBA3-SPOOLSS test which I will activate
when the Samba4 build farm has picked it up.
Volker
(This used to be commit d7248b6cfa)
Jelmer, Jerry, in cmd_unixinfo.c:159 there is still the warning that "info" is
being used uninitialized which I don't really know how to fix.
Any hints?
Volker
(This used to be commit 4a5d11e194)
For those who are interested, try
net ads gpo refresh mybox$
to get your machine related GPOs downloaded to /var/lib/samba/gpo_cache.
Detailed information about GPOs is currently only printed when setting a
higher debuglevel then 0.
Guenther
(This used to be commit d086babf9d)
- fix bug 4078
- talloc_free(talloc_autofree_context()); should not result
in a SIGABORT on exit
- add a test for this, but this test can also pass in the standalone build
and samba3, as samba4 uses talloc_autofree_context()
metze
(This used to be commit f5b0924f97)
items in cac_winreg.c
* Get 'net rpc registry enumerate' to list values again
* Fix winreg.idl QueryInfoKey(). The max_subkeysize is the
max_classlen (we previously had this correct in Samba3")
* fix valgrind error about uninitialized memory and use-before-set
on size value inmemset() call
* Fix key enumeration in 'net rpc registry enumerate'
* regenerate gen_dir files based on local pidl patches
Please note that the generated ndr files are from my local
copy of pidl. If you need to regenerate, please apply the
patch that I posted to the samba-technical list earlier today.
(This used to be commit 5d843612a1)
but disable building of shared libs and modules whe enable_shared != yes
Also make it easier to track down the problem with lost LDFLAGS values
on AIX.
metze
(This used to be commit 3367e306e6)
reported that Samba3 on Solaris Sparc with the native compiler can't
join Windows domains. If it worked we were just lucky. I suspect it
just didn't work.
(This used to be commit 9df1e7d989)
we need to include unistd.h in system/network.h because
it contains the ioctl() prototype on some systems
and we need to make sure it gets included before socket_wrapper
defines ioctl swrap_ioctl
metze
(This used to be commit d827534760)
Samba4 smbd force the umask to 0, which meant we ended up with ldb
being world writable.
This isn't really an ideal fix, as it means ldb no longer honors umask
(as it should do, like all good libraries).
Unfortunately the 'proper' fix is too complex for now
this also merges a tiny code style fix from s4 to s3
(This used to be commit dd8ec8725f)
in,out ref pointer
* Clarify variable names in EnumValue IDL
* Fix server code for _winreg_EnumValue() and _winreg_QueryInfoKe()
(This used to be commit f520a9d0fb)
string is zero length. This allows callers to not have to worry about
creating an invalid ldap attribute.
See extensive discussion on samba-technical list :-)
(This used to be commit 9e66df05a4)
2 separate CPPFLAGS variables. So just cleanup the SAMBA_CPPFLAGS
for out of tree builds. This has been tested locally and works.
Maybe metze can find a better way tomorrow.
(This used to be commit 8aa681df99)
like negative values in the generated code.
I'm not sure how we can solve that in samba3 as the generated code is commited
Maybe we need to alsways pass --uint-enums
metze
(This used to be commit 9468dcc5d5)
